DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
+ DBG2(DBG_CFG, " per_cpu_sas = %u", has_opt(cfg, OPT_PER_CPU_SAS));
DBG2(DBG_CFG, " hw_offload = %N", hw_offload_names, cfg->hw_offload);
DBG2(DBG_CFG, " sha256_96 = %u", has_opt(cfg, OPT_SHA256_96));
DBG2(DBG_CFG, " copy_df = %u", !has_opt(cfg, OPT_NO_COPY_DF));
return parse_option(out, OPT_NO_COPY_ECN, v, FALSE);
}
+/**
+ * Parse OPT_PER_CPU_SAS option
+ */
+CALLBACK(parse_opt_cpus, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_PER_CPU_SAS, v, TRUE);
+}
+
/**
* Parse a dscp_copy_t
*/
{ "if_id_out", parse_if_id, &child->cfg.if_id_out },
{ "label", parse_label, &child->cfg.label },
{ "label_mode", parse_label_mode, &child->cfg.label_mode },
+ { "per_cpu_sas", parse_opt_cpus, &child->cfg.options },
};
return parse_rules(rules, countof(rules), name, value,
default of 32 are supported using the Netlink backend only, a value of 0
disables IPsec replay protection.
+connections.<conn>.children.<child>.per_cpu_sas = no
+ Enable per-CPU CHILD_SAs. Requires _trap_ in **start_action**.
+
connections.<conn>.children.<child>.hw_offload = no
Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation.
projects / thirdparty / strongswan.git / commitdiff
